Note: This page deals with content related to KDE 3. If you are developing for KDE 4, this information might not be valid anymore.

Resource sharing

Many applications work with external resources which gives them the freedom to change or extend the behavior without requiring to change the application code itself. Others are extensible with the help of binary plugins. All these external resources should be provided in a way to the user, and the most common way is to put them on the homepage of the application, which works, but it is not so convenient to the final user to get the updates. It is much easier to get them from inside the application. Luckily KDE has the corresponding technology called KNewStuff which not only makes possible to download updates and resources, but if the application supports it, it is even possible to share a resource created by the user with other users. KNewStuff has a weak point though, that you cannot really know who created a resource when downloading, nor the maintainer of the resource repository can know who created the resource that was uploaded, and there is no corruption checking either.

Starting with KDE 3.4 and with the introduction of the KNewStuffSecure class this problems are solved. With this technology the resources can be digitally signed, an md5sum is calculated for them, so both the uploaded and downloaded resources can be verified whether they come from a safe source and person or not.

General information

Using KNewStuff itself is quite simple, and I tried to make KNewStuffSecure not more complicated. The only extra requirement is to have gpg installed in your $PATH, and for uploading of course it is preferred if you already have a GPG key that you can use for resource signing.

As gpg is not a compilation time requirement, it is suggested that you check on application startup for its presence and warn the user what he misses without it. Of course the check is performed by KNewStuffSecure as well, but I find it muchnicer to check for runtime dependencies on startup.

Downloading resources

The first thing you must to is to subclass the KNewStuffSecure class and implement the installResource method, which is a pure virtual method in KNewStuffSecure. Here is an example of what you should put in a header file:

#include <knewstuff/knewstuffsecure.h>class MyNewStuff:public KNewStuffSecure
{Q_OBJECTpublic:
MyNewStuff(constQString&type,QWidget*parentWidget=0): KNewStuffSecure(type, parentWidget){};
~MyNewStuff(){};private:virtualvoid installResource();};</code>
In order to know what you should do in installResource() it is important to understand the structure of the resource you get via KNewStuffSecure. The resource is a gzipped tarball, let's call it {{path|resource.tar.gz}}. The {{path|resource.tar.gz}} contains three files:
{| border="1"
! Filename !! Description
|-
| {{path|data.tar.gz}} || another tarball containing the actual data to be installed. The name is not fixed, it can be anything like {{path|cards.tgz}}, {{path|greetings.tar.gz}} or whatever.
|-
| signature || holds the signature for {{path|data.tar.gz}}
|-
| md5sum || holds the MD5 sum for the {{path|data.tar.gz}}
|}
In the implementation file you have to process the {{path|data.tar.gz}} only, the rest is handled by KNewStuffSecure. If installing the resource means that you put the downloaded file(s) from {{path|data.tar.gz}} into a directory, the implementation of MyNewStuff looks like:
<syntaxhighlight lang="cpp-qt">
void MyNewStuff::installResource()
{
KTar tar(m_tarName, "application/x-gzip" );
if (tar.open(IO_ReadOnly))
{
const KArchiveDirectory *directory = tar.directory();
QString resDir =KGlobal::dirs()->saveLocation("data" ) + "appname/stuff/";
directory->copyTo(resDir, true);
tar.close();
} else
KMessageBox::error(parentWidget(), i18n("There was an error with the
downloaded resource tarball file. Possible causes are damaged archive or
invalid directory structure in the archive." ),
i18n("Resource Installation Error" ));
}
</code>
As you can see the name of the resource tarball you have to install is in
"m_tarName". The above code installs the files from m_tarName to {{path|$KDEHOME/share/appname/stuff}}. Of course, you must provide the real appname there.
You are free to do other installation methods, depending on your needs. In some cases it may be just enough to copy the resource tarball somewhere. This part of the code depends completely on the type of the resource and your application.
Now how to initiate a download? You have to do three things:
* create a MyNewStuff object
* connect the signal installFinished() to a slot to do things what you want after the install is done
* call downloadResource() for the MyNewStuff object
Example:
<syntaxhighlight lang="cpp-qt">
void MyApp::slotDownloadResource()
{
if (!m_newStuff)
{
m_newStuff = new MyNewStuff("appname/resourcetype", this);
connect(m_newStuff, SIGNAL(installFinished()), this, SLOT(slotResourceInstalled()));
}
m_newStuff->downloadResource();
}
</code>
Just a note: ''"appname/resourcetype"'' is in free form, it identifies the type of the resource. See the standard KNewStuff documentation for details.
<hr />
== Uploading resources ==
Uploading is simple as well. You just have to create the {{path|data.tar.gz}} (which is specific for your application) and call uploadResource(fileName), where fileName points to the created data tarball.
Example:
<syntaxhighlight lang="cpp-qt">
void MyApp::slotUploadResource()
{
QString fileName = createUploadResource();
if (!m_newStuff)
m_newStuff = new MyNewStuff("application/resourcetype", this);
m_newStuff->uploadResource(fileName);
}
</code>
Here createUploadResource() creates the data tarball and returns the name with path to the created tarball.
That is all. I hope you will find this tutorial useful.